Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2614
Views
0
Helpful
4
Replies

Assign different group policies to AnyConnect users authenticating via Active directory radius

Go to solution
vitumbiko nkhwazi
Level 1
Level 1

‎01-10-2021 07:53 AM

Hello.

 

I am setting up a Remote Access VPN that users will authenticate using a Radius Server group via Active Directory, the requirement is that i want to have a group of users that when authenticated they should be assigned a particular Group-Policy and another group of users should have a different group-Policy assigned. The idae behind this is that one group of users will have access to some servers and the other group will have access to a different set of server IPs. How can i accomplish this with Radius Authentication?

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎01-10-2021 08:04 AM

Hi @vitumbiko nkhwazi 

You need to use the RADIUS attribute "Class" with the value of "25". The guide below provides instructions how to configure with Windows NPS RADIUS server.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/117641-config-asa-00.html

View solution in original post

0 Helpful
4 Replies 4

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎01-10-2021 07:58 AM

Sure you can create an Any connect profiles and ask users to use the pull-down menu from any connect client and connect.

so they will be authenticated based on the group to which they belong to same AD Group and so they get the right resource to use

 

like  - VPN-MKT and VPN-ADM so on.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
vitumbiko nkhwazi
Level 1
Level 1
In response to balaji.bandi

‎01-10-2021 08:25 AM

hie Balaji.

 

thanks for the quick reply, but I dont want to let the users select the profile on thier own, i just want to have them provide the username and password and then they should be assigned the correct group-policy.

 

regards

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to vitumbiko nkhwazi

‎01-10-2021 09:01 AM

In that case look at @Rob Ingram  suggested URL. and let us know if that works for you.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Rob Ingram
VIP
VIP

‎01-10-2021 08:04 AM

Hi @vitumbiko nkhwazi 

You need to use the RADIUS attribute "Class" with the value of "25". The guide below provides instructions how to configure with Windows NPS RADIUS server.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/117641-config-asa-00.html

0 Helpful
Customers Also Viewed These Support Documents